can be configured per application

wireguard can too using network namespaces

not exclusively as an interface in kernel mode

Which devices are you people running where you want VPN/proxy but don’t have kernel permissions to run wireguard? Firefox on iPhone? Porn on wifi washing machine?

Curious, what is SOCKS5 used for that regular wireguard cannot do? I’m only familiar with the use case of telling Firefox to connect through a SOCKS5 proxy, which may be convenient as a form of split tunneling - only firefox traffic goes through the VPN and everything else through clearnet - but wireguard can be configured into a split tunnel form as well with a bit more work, and works for all software not just the ones aware of SOCKS proxies. Is it for use on a system where your permissions are too limited to turn on wireguard but not so limited that you cannot change Firefox proxy settings?

Talescale is a VPN, “private network” is what P and N stand for. It’s just one with only forwarded ports and no outbound traffic. The question was are forwarded ports important, and yes they are. So important that some users pay for a VPN twice! Once for something like Mullvad with no port forwarding, and once for Talescale for port forwarding. It’s true it has benefits like static IP, but even on my commercial VPN I get the same forwarded IP and port when connecting to the same server, so I don’t want to pay twice.

In theory, the rich can just continue paying off each other spending money on rich people stuff. 80% of the economy consisting of activities like robot-staffed billionaire-owned construction companies making and selling super-yachts to oil billionaires, who made their fortune selling fuel to space tourism companies ferrying billionaire designer bag heiresses to the Moon. The rest of us can starve to death and the economy won’t even blink.

I’m coming up with “agent noun”

https://en.wikipedia.org/wiki/Agent_noun#Words_related_to_agent_noun

I run a Minecraft server. Couldn’t have done it without port forwarding.

New York City reporting in, can confirm the subways have been plastered in Mullvad ads for months. I’m so glad I switched away last year, so that at least I know none of my money is used to spam my own eyeballs. Though in some sense it is nice that VPNs are common in public discourse now.

This. Full disk encryption worked on Linux long before TPM, and works perfectly fine now still. TPM to me seems only additionally effective in a narrow range of “evil maid” attack scenarios where your (unencrypted, unsigned) bootloader is modified at rest, such as to steal your disk encryption key later. However A) I cannot afford to hire a maid, let alone one also skilled in editing Linux initramfs images and B) I don’t see TPM evangelists check their keyboard USB cable for in-line hardware sniffers every single time they step away from their desk.

Good question to ask! I had short hair then, which is why it worked. Have long hair now and could not get away with it again - start feeling too greasy after a week, and I like my hair silky with conditioner.

6 months, during high school over the winter. Shower was broken (water would only come out perfectly hot or cold, nothing in between) and parents/landlord would not fix it. I kinda just gave up on it. Nothing bad came out of it. Nobody at home or at school ever said anything or even noticed, as far as I could tell. No, they were not just being polite. I watched everyone closely, as much as an experiment of personal curiosity as anything else, and there were no signs of disapproval, nobody had a clue. I suffered no social consequences whatsoever. Wearing a new set of clothes every day alone was sufficient to stay clean.

Can’t decide whether I just have one of those Asian genes that make you not smell, or whether Americans as a culture are psychotically brainwashed by soap companies’ propaganda to the point where even the idea of “spending more than 1 day away from shower” is worse than death for them. Never used deodorant either (other than to try it out - just makes me feel gross, sticky, and smelly). Imagine how much money those deodorant companies are missing out on me over a lifetime!

Use wireshark and listen on your ethernet interface. When you use tailscale, are the packets coming in/out from the tailscale server IP or the VPN ip? Check through the ip route routing table and figure out which pathway a packet will take in each use case. Might need to add a route exception specifically for the tailscale server IP to go out on the ethernet device.

PostUp = ip route add 100.64.0.0/10 dev tailscale0

Looks like you need to stick this line in the tailscale service file, since it’s the only time that the existence of the tailscale0 device is guaranteed. If you don’t want to modify the service file inside the package, could you write your own systemd service file and include the tailscale service as a prerequisite?

Also make sure that when you start the VPN first and then tailscale, you don’t get a double tunnel situation where tailscale goes out through the VPN (unless that’s what you wanted).

That allows sending packets inside the VPN tunnel, but the outer envelope packets still need to be able to reach the VPN server.

sudo ufw default deny outgoing

I’m guessing this would block the VPN packets themselves as well.

IMHO if you don’t have a globally-reachable address or forwarded port, you are not really a participant of the internet, you are just a receptacle xD

One service I never see mentioned is OVPN. They have a 1-to-1 feature parity with mullvad and were an easy drop-in replacement when mullvad closed their ports:

• wireguard
• port forwarding
• no usernames/emails/registration, only account numbers
• crypto payments/cash in the mail
• same price as mullvad
• multiple device keys
• multihop
• no bandwidth limits
• setup guides
• status dashboard

I used mullvad for years, sad to see them go, and all my scripts basically worked without any change other than the server addresses/public keys. Only downside is they don’t have as many users so not as many servers. I wish more people would join up so I get more IPs to choose from :D

*Yawn!* Wake me up when they stop requiring phone numbers to sign up.

They incorrectly broke it because they were overzealous.

There was some scare in lemmy development circles recently about script injection vulnerabilities. The various apps and frontend developers “solved” the problem by peppering untrusted user input with escape sequences all over the place. User submits post? Escape title! Receive new post from a federated instance? Escape title!

Obviously if you escape the title twice and display once, it will show up weird. The problem is that the various devs haven’t agreed yet which parts of the messaging protocol are supposed to be already escaped and which are not. Ideally all user input should be stored and transmitted in raw form, and only escaped right before displaying. But due to various zealously-cautious devs we get this instead:

Central Park is not New York’s largest park. It’s the 5th.

I think it’s precisely because there is no governing body for English and all the rules are colloquial, developed through usage, that people do get grumpy! They are the only ones who can create and enforce the rules! Each English speaker feels personally responsible and compelled to correct use they perceive is in violation of the rules the way they want them to be. If they don’t do it right then and there, no one else can.